ADVERTISEMENT SKIP VIEW - Advertisement skip view is described. In embodiment(s), a video stream of recorded media content can be distributed to a media device when requested at the media device to render as television media content for viewing. The recorded media content can include one or more advertisement pods that each include one or more advertisements. A skip command can be received from the media device to skip an advertisement in an advertisement pod that is rendered for viewing, such as when a viewer initiates a skip command at the media device. A focal position in a next advertisement in the advertisement pod can then be determined to skip to the focal position in the next advertisement. The recorded media content can then be distributed to the media device from the focal position in the next advertisement.

2009-09-03

20090222851

METHOD, DEVICE AND COMPUTER PROGRAM PRODUCT FOR DISPLAYING AN ADVERTISEMENT TO A USER - A method for displaying advertisement to a user, the method includes: receiving, over an out of band channel and by an advertisement fulfillment engine that utilizes interactive capabilities of a user device, information representative of a first thin advertisement; determining, by the advertisement fulfillment engine, to display the first thin advertisement on a display that is coupled to the user device; instructing the display, in response to the information and to the determination, to display the first thin advertisement; and displaying the first thin advertisement in addition to a display of a video asset that is provided by a non-linear video infrastructure.

2009-09-03

20090222852

REVERSE 911 USING TV - A reverse 911 can be sent to a TV communicating with the Internet. The TV is automatically turned on if it is off, and a viewer can acknowledge the reverse 911 using a TV remote control.

2009-09-03

20090222853

Advertisement Replacement System - An advertisement replacement system monitors a multimedia stream containing digital television content and advertisements for indicators of objectionable advertisement content. Replacement content is substituted for all or part of an advertisement that has at least one indicator (or a threshold level) of objectionable content. Analysis of stored content may also be performed and stored objectionable content may be replaced with approved content. Blank screens, user-provided photographs, user-provided videos, advertiser-provided still images, and substitute advertisements are examples of replacement content.

2009-09-03

20090222854

SYSTEM AND METHOD FOR PRESENTING ADVERTISING DATA DURING TRICK PLAY COMMAND EXECUTION - A computer readable medium is disclosed containing instructions that when executed by a computer perform a method for presenting advertising data, the method including but not limited to receiving a video data stream at an end user device, receiving a video data stream at an end user device; recognizing a pattern in the video data stream indicating a particular arrangement of objects in the video data stream as scene start data; placing scene start marker data in the video data stream at the scene start data; receiving end user trick play command data during presentation of the video data stream at the end user device; and moving to the scene start marker data in the video data in response to the end user trick play command data. A system is disclosed for executing the method. A data structure is disclosed for containing data used by the system and method.

2009-09-03

20090222855

Method and apparatuses for hierarchical transmission/reception in digital broadcast - In accordance with various aspects of the invention, there is being provided a method and apparatus for transmitting, and a method and apparatus for receiving a digital broadcast signal including a hierarchical modulation having a high priority stream and a low priority stream. The content to be received or transmitted in encoded into two stream so that a first stream is configured to be transmitted or received with the high priority stream, and a second stream to be transmitted/received with the low priority stream is configured to contain additional information for increasing the bitrate of the first stream.

CONTENT RECOMMENDATION APPARATUS AND METHOD - A content recommendation apparatus that can recommend contents suitable to user's taste immediately even after introduction of the system even if a TV set is used by unspecified users. Among previously-determined recommendation ranks of contents, the content recommendation apparatus of the present invention lowers the recommendation rank of a VOD content that is similar to TV programs broadcast in other media at a prescribed time. As the prescribed time, can be employed a time designated by a user, a time on a prescribed cycle, or a time when a TV program on the air in another media is changed, for example.

2009-09-03

20090222858

System and Method for Creating Electronic Guides Based on Presence and Group Membership - A network server comprises a controller that creates and distributes an electronic guide to the members of an affinity group based on the presence statuses of one or more of the group members. The electronic guide identifies the title and location of one or more media files stored in a home system of the group members. The group members may view the electronic guide, and select a media file to render on their own home system.

2009-09-03

20090222859

METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR IMPLEMENTING AUTOMATIC UPDATE OF TIME SHIFT CONTENT - A method, apparatus, and computer program product implement automatic update of time shift content. Time sensitive information recorded on a client recording device is automatically updated responsive to updated content becoming available. Updating time sensitive information is enabled by a remote broadcast signal. The remote broadcast signal includes an embedded signal indicating sensitive information content.

2009-09-03

20090222860

VIDEO RECORDING DEVICE AND RESERVED VIDEO RECORDING METHOD THEREOF - A video recording device includes a mail transceiving module, a mail analyzing module, and a scheduling module. The mail transceiving module retrieves an E-mail including a title, an identification message, and a video request. The mail analyzing module analyzes the title and the identification message to determine whether the title and the identification message comply with predefined requirements. The scheduling module automatically schedules the video request when both the title and the identification message comply with the predefined requirements. A reserved video recording method is also provided.

2009-09-03

20090222861

System and Method for Displaying a High Impact Video Test - A method is provided for displaying a video. The method includes providing a display field on a webpage and displaying an article of clothing within the display field. A first link to a first video is also provided on the webpage. When a selection of the first link is received from a user, the first video is played. The video depicts a human form wearing the article of clothing and performing a test motion to demonstrate performance of the article of clothing.

2009-09-03

20090222862

VIDEO PLAYER, DOCKING STATION AND SYSTEM FOR VEHICLE HAVING WIRELESS VIDEO TRANSMISSION - A multimedia playing device for use in a vehicle. The multimedia playing device is mounted within the dashboard of a vehicle and is able to wirelessly transmit video to various display devices located in the vehicle. The multimedia playing device is able to accommodate any number of multimedia playing devices. The audio may be directly transmitted to the stereo system of the vehicle. In another aspect, the invention is a docking device for use in a vehicle. The docking device is adapted to be placed within the cup holder of a vehicle. An external media device is connected to the docking device in order to transmit the video and audio data. The docking device is able to wirelessly transmit video to display devices located in the vehicle. The audio may be directly transmitted to the stereo system of the vehicle and/or to the display device.

2009-09-03

20090222863

Wireless video and audio broadcasting device - A broadcasting device includes a video and audio transmitter, several video and audio receivers to wirelessly receive signals from the video and audio transmitter, and a remote control; the video and audio transmitter is connected to a computer/multimedia broadcasting device; the video and audio receivers are each connected to a respective broadcasting device so that video and audio information from the computer/multimedia broadcasting device can be transmitted through the transmitter, received with the receivers, and broadcasted through the broadcasting devices connected to the receivers; the remote control is used to give orders to the transmitter and the receivers so as to control video and audio information broadcasted through the broadcasting devices; the transmitter has a wireless signal communication module, and can be connected to internet to serve as a router with signals being received and transmitted through the wireless signal communication module.

2009-09-03

20090222864

Apparatus and Method For Interactive Digital Media Content Requests - A remote user interface transmits a digital media request through a first communication link to a media management control which is coupled by a second communication link to a digital audio-visual playback device for selecting and playing a stored digital media by the playback device. The media management control executes a set of rules applicable to each playback device in determining whether or not a user request will be accepted or rejected for play on a particular playback device.

2009-09-03

20090222865

SYSTEM AND METHOD FOR MANAGING MEDIA FILES BASED ON CONTRACTS - There is disclosed a media file distribution system and method. An asset management and delivery system and method for the distribution of digital files and data is provided. There are two major functions, with sub-functions within each. The system first serves as a fully automated management system for a company involved in video/file distribution, such as in video on demand (VOD) or other digital file industries. The system can ingest, prepare, schedule, transmit, track and report on any aspect of the business chain. Secondly, it also serves as a product for both content providers and recipients to be able to view, manage and run their entire content offering remotely from anywhere through the Internet.

2009-09-03

20090222866

Devices and/or Methods for Switching Between Program Sources - Certain exemplary embodiments can provide a method comprising: determining a second program corresponding to a received first program; recognizing an interruption of the first program; based on a time of the interruption, specifying a time of continuation of the second program; and transmitting the second program to an output unit at the time of continuation.

2009-09-03

20090222867

Broadcast receiving apparatus, video storing apparatus, and multimedia delivering system - An apparatus is provided which supplies cached data in a house which does not require a large-space storage device, is a broadcast receiving apparatus that is connected to a network and that receives multimedia data including at least one of video and audio, from a device installed in a broadcast station. The apparatus includes a data receiving unit that receives the multimedia data from the device installed in the broadcast station, a selecting unit that selects one of the video storing apparatuses each of which stores multimedia data, an information communicating unit that transmits a request for storing multimedia data to the video storing apparatus selected by the selecting unit, and a data output unit that outputs the multimedia data received by the data receiving unit to the video storing apparatus selected by the selecting unit via the network.

2009-09-03

20090222868

SERVICE FOR PROVIDING SHARED MULTIMEDIA CONTENT - A multimedia content delivery resource suitable for supporting a video on demand service to a plurality of users substantially simultaneously. The multimedia content delivery resource includes a reception interface for receiving a video content item selection signal associated with a primary subscriber; and a subscriber selection signal indicative of a secondary subscriber associated with the primary subscriber; a shared video module operable to identify a selected video content item associated with the video content item selection signal and define recipients of the identified video content item based at least in part on the subscriber selection signal; and a transmission interface operable to transmit the identified video content item substantially simultaneously to the defined recipients.

2009-09-03

20090222869

ADDRESSING METHOD FOR TRANSPORTING DATA ON A TELECOMMUNICATION NETWORK, CORRESPONDING ADDRESS STRUCTURE SIGNAL, GATEWAY AND COMPUTER PROGRAMME - A method is provided for transforming a first transport level address into a second transport level address: the first address representing at least one digital data broadcasting service from at least one non-meshed broadcasting network and comprising data identifying the at least one digital data broadcasting service; the second address including a source field and/or a destination field in datagrams addressed to at least one communication network. The method includes the following steps: recovering data identifying the at least one digital data broadcasting service; inserting at least part of the identifying data in the second address of the datagrams.

2009-09-03

20090222870

PERSONALIZED VIDEO GENERATION - A personalised video generation system, including: (i) a digital asset manager for storing a video project file marked with references to content groups and content substitution rules; (ii) an editing tool for accessing the file and displaying content of the file grouped based on the groups, and generating an interface for substituting content across a video corresponding to the file, the interface adjusting the references for the digital asset manager; and (iii) a content generation engine for processing the file and the rules, based on personal data for intended recipients, to access content items and generating a plurality of video project files for rendering as corresponding videos for the recipients. The system can also include (iv) a distribution engine for communicating with a least one distribution gateway for a delivery platform; and (v) a least one render engine for receiving the video project files, causing rendering of the videos for a respective delivery platform, and forwarding the videos to the distribution engine for distribution of the videos for the respective delivery platform.

2009-09-03

20090222871

Method of transmitting digital services over a network and device implementing the method - Within the context of the broadcasting of DVB services over an IP network, the trend is to separate the signalling information describing the network and the services offered from the services themselves. The signalling is made available to the terminals via XML files available on HTTP servers. In contrast to this approach, the invention consists of a method of recognition, by a receiver connected to a bidirectional network, of digital services on the bidirectional network, which comprises a step in which the receiver connects to a first stream, a step in which the receiver extracts from said stream information on the location on the network, on the one hand, of streams conveying the content of these services and, on the other hand, of separate streams conveying information describing these services, a step in which the receiver connects to at least some of the streams conveying service description information to obtain information on these services and a step in which the receiver uses this information to construct a list, possibly unitary, of the services available on the network.

2009-09-03

20090222872

METHOD AND SYSTEM FOR PROVIDING DIFFERENT FORMATS OF ENCODED CONTENT IN A SWITCHED DIGITAL VIDEO (SDV) SYSTEM - A method, system and devices for delivering a switched digital video (SDV) channel to a network element, such as an end user set-top box, based on the decoding capabilities of the network element. The system determines whether to deliver the SDV channel in a first format, such as MPEG-4, or a second format, such as MPEG-2. When only network elements capable of decoding MPEG-4 content are tuned to the SDV channel, the system can realize bandwidth savings by delivering only the MPEG-4 version of the SDV channel. When legacy network elements capable of decoding only MPEG-2 content tune to a particular SDV channel, the system delivers only the MPEG-2 version of the SDV channel. The methods and devices can be used in headends, including those that deploy switched digital video, and other appropriate locations within the content distribution system, such as within the edge devices in the distribution hub.

2009-09-03

20090222873

Multimedia Channel Switching - The invention reduces the user-perceived time of switching multimedia channels in a unicast communications system. This shortening of the switch procedure is obtained by reducing the buffering of the multimedia data in the data buffer of a user terminal. A reduced media buffering results in that multimedia data of the new channel will be rendered in the user terminal in a much shorter period of time. A multimedia provider communicating the multimedia data to the terminal determines a reduced transmission rate that will be temporarily employed for obtaining the buffering reduction. This reduced rate is lower than the normally employed transmission rate and lower than the rendering rate of the media player of the terminal. Consequently, the terminal buffer will be emptying in a faster rate than it is replenished and a buffer level reduction is obtained.

2009-09-03

20090222874

METHOD, DEVICE AND SYSTEM FOR SESSION MOBILITY OF INTERNET PROTOCOL TELEVISION (IPTV) CONTENT BETWEEN END USER COMMUNICATION DEVICES - A method, device and system for providing Internet Protocol Television (IPTV) session mobility between end user communication devices, such as between a set-top box and a mobile communication device. IPTV session mobility is provided using a control server configured to manage and facilitate the transfer of the IPTV session in response to receiving appropriate IPTV session control information from the set-top box and/or the mobile communication device. The control server also is configured to discontinue or terminate an existing transfer of IPTV content to the mobile communication device in response to receiving appropriate IPTV session control information. The control server also is configured to allow the mobile communication device to change IPTV channels, perform trick play operations and retrieve stored content from and control various functions of the set-top box. The control server can be a network element coupled to the IP network.

2009-09-03

20090222875

Distributed tuner allocation and conflict resolution - Systems, methods and computer program products for allocating tuner resources to tuner consumers when a tuner conflict occurs. When the tuner resources of a system or network reside at a central server, the tuners are allocated to requesting consumers according to the priority of the tuner request and the current tuner priorities. A tuner request that has a higher priority than one of the current tuners is granted. The tuner is not taken from the consumer without warning, however. Tuner conflict is also prevented by lowering the respective tuner priorities as appropriate.

2009-09-03

20090222876

POSITIVE MULTI-SUBSYSTEMS SECURITY MONITORING (PMS-SM) - A system for Positive Multi-Subsystems—Security Monitoring providing for the monitoring of security events of a business organization comprising business assets, wherein the events are monitored according to a positively stated policy that is created, managed and controlled by Multiple Sub-Systems Meta Security Policy. The system includes Policy Connectors, wherein each PC has a specific set of rules and relevant data and an event collector comprising centralized event collector software, wherein the event collector collects security events, and wherein each security event is created in the PMS-SM system using MSSMSP. Each event arises from an application. The system also includes security events which include Business Asset Monitor events. A BAM event represents user activity against a specific business asset and Security data that is queried from the various security sub-systems using the PC's and a Security policy of MSSMSP. The system enables positive, centralized security monitoring.

2009-09-03

20090222877

UNIFIED NETWORK THREAT MANAGEMENT WITH RULE CLASSIFICATION - A computer network device comprises an intrusion prevention rule set comprising a plurality of rules, each of the plurality of rules associated with two or more rule classification parameters, and an intrusion prevention module that is operable to use two or more of the classification parameters associated with the plurality of intrusion protection rules to selectively apply the rules to provide network intrusion protection of network traffic

2009-09-03

20090222878

SYSTEMS AND METHODS FOR A SECURE GUEST ACCOUNT - An embodiment relates generally to a method of creating a secure environment in a computer device. The method includes providing a secure guest account in a multi-user operating system and enforcing a policy on the secure account to allow a user to log-in to the secure guest account while preventing access at least one network port of the computer device. The method also includes enforcing a rule to allow the secure guest account access to an application and the at least one network port.

2009-09-03

20090222879

SUPER POLICY IN INFORMATION PROTECTION SYSTEMS - Providing access to information based on super policy. Information is associated with author policy expressing restrictions on use of the information The author policy is processed using super policy programmatic code to generate a composite policy. The composite policy includes a combination of the author policy and super policy applied by the super policy programmatic code, such that restrictions are added to or removed from the author policy to create the composite policy. A request for the information is evaluated. This includes evaluating information about the requester against the composite policy to determine if the requester is authorized to access the information. A determination is made that the requester is authorized to access the information based on the composite policy, where after the requester is authorized to access the information based on the composite policy, access is granted to the information to the requester.

2009-09-03

20090222880

Configurable access control security for virtualization - Provided are systems and methods for applying access controls to separate and contain virtual machines in a flexible, configurable manner. Access can be granted or removed to a variety of system resources—including network cards, shared folders, and external devices. Operations, such as cut and paste, between the virtual machines can be restricted or allowed. Virtual machines are run in containers. This allows more than one virtual machine to share the same access profile. Containers can be configured to allow a user to instantiate a virtual machine at run time. This allows the user to dynamically define which virtual machines run in various containers. An administrator determines which containers (if any) allow dynamic instantiation, and specifies the list of virtual machines the user can choose from. A container, and/or virtual machines within the container, can be restricted to particular users.

2009-09-03

20090222881

RESOURCE STATE TRANSITION BASED ACCESS CONTROL SYSTEM - Enforcing access control based on resource state. A method includes receiving a request for an operation on one or more objects stored on computer readable media. One or more pre-operation states of the one or more objects are determined. One or more post-operation states of the one or more objects are determined. One or more access control rules are referenced. The access control rules control access to resources based on pre-operation state and post operation state. It can then be determined that the one or more access control rules allow the operation to succeed based on the one or more pre-operation states and the one or more post operation states. Based on determining that the one or more access control rules allow the operation to succeed, the operation is allowed to succeed.

2009-09-03

20090222882

UNIFIED MANAGEMENT POLICY - Defining a unified access management policy expression that unifies access control policy with events or workflows. Unified management policy information is stored. The unified management policy information defines permissions for access to resources together with events or workflows. A request is received to execute the one or more operations on one or more objects. The requested operation is verified against the unified management rules. Verifying includes performing a single retrieval, retrieving both the access control information and the events or workflows and calculating the applicability of the rule to the conditions represented by the request. Matching rules are applied, access control decisions performed and associated workflows are executed.

2009-09-03

20090222883

Method and Apparatus for Confidential Knowledge Protection in Software System Development - An apparatus and a computer-implemented method for protecting confidential knowledge in a software system design which includes a plurality of artifacts. The method includes the steps of calculating a correlation between the confidential knowledge and the software system design, acquiring inter-dependencies between the artifacts in the software system design, and determining protection mechanisms for the respective artifacts according to the correlation and the inter-dependencies. The system includes a correlation calculating section for calculating a correlation between the confidential knowledge and the software system design; an inter-dependency acquiring section for acquiring inter-dependencies between the artifacts in the software system design; and a mechanism designing section for determining protection mechanisms for the respective artifacts according to said correlation and said inter-dependencies.

2009-09-03

20090222884

INTERFACES AND METHODS FOR GROUP POLICY MANAGEMENT - A system and method for managing group policy objects in a network, including interfaces that allow access by programs or a user interface component to functions of a group policy management console that performs management tasks on group policy objects and other related objects. The interfaces abstract the underlying data storage and retrieval, thereby facilitating searching for objects, and providing the ability to delegate, view, change and permissions on those objects, and check and save those permissions. Modeling and other test simulations are facilitated by other interfaces. Other interfaces provide dynamic and interactive features, such as to convey progress and rich status messages, and allow canceling of an ongoing operation. Still other interfaces provide methods for operating on group policy related data, including group policy object backup, restore, import, copy and create methods, and methods for linking group policy objects to scope of management objects.

2009-09-03

20090222885

SYSTEM AND METHODOLOGY PROVIDING MULTI-TIER SECURITY FOR NETWORK DATA WITH INDUSTRIAL CONTROL COMPONENTS - The present invention relates to a system and methodology facilitating network security and data access in an industrial control environment. An industrial control system is provided that includes an industrial controller to communicate with a network. At least one security layer can be configured in the industrial controller, wherein the security layer can be associated with one or more security components to control and/or restrict data access to the controller. An operating system manages the security layer in accordance with a processor to limit or mitigate communications from the network based upon the configured security layer or layers.

2009-09-03

20090222886

UNIT USING OS AND IMAGE FORMING APPARATUS USING THE SAME - A chip mountable on a customer replaceable unit monitoring memory (CRUM) unit used in an image forming job includes a central processing unit (CPU) with its own operating system (OS), which operates separately from an OS of the image forming apparatus, to perform authentication communication with a main body of the image forming apparatus using the OS of the CPU. The security of a unit on which the chip is mounted can thereby be reinforced and random changes of data of the unit can be prevented.

2009-09-03

20090222887

SYSTEM AND METHOD FOR ENABLING DIGITAL SIGNATURES IN E-MAIL COMMUNICATIONS USING SHARED DIGITAL CERTIFICATES - A system and method for digitally signing an email communication using a shared digital certificate. The system includes a means for selecting a digital certificate and a matching private key, a header-field editor for populating a sender-field of the digital message with an address associated with the authentication means, and a means for digitally signing the digital message with the private key matching the digital certificate.

2009-09-03

20090222888

COMMUNICATING A PASSWORD SECURELY - A secure (e.g., HTTPS) connection is established between a client and a server. Communication over the connection may utilize an application (e.g., a Web browser) that is not part of the client's trusted computing base. A password is sent from the client to the server over the connection such that the clear text password is unavailable to the application. For example, the password can be encrypted and inserted directly into the HTTPS stream from the client's trusted computing base.

2009-09-03

20090222889

REMOTE DISABLEMENT OF A COMPUTER SYSTEM - Methods and arrangements for ensuring that, when a computer system is stolen or otherwise misplaced, the system is rendered unusable (i.e., locked down). Conventional solutions have required software running on the system to perform the lockdown action, but in accordance with at least one preferred embodiment of the present invention is the linkage of TPM (Trusted Platform Module) and AMT (Active Management Technology) solutions whereby an AMT arrangement can remove secure data or identifiers so that any encrypted data present on the system will become unusable.

2009-09-03

20090222890

METHOD AND APPARATUS FOR PROVIDING STREAMING SERVICE BASED ON P2P AND STREAMING SERVICE SYSTEM USING THE SAME - A method and apparatus for providing a stream service based on P2P and a streaming service system using the same are provided. In order to provide the stream service to peers without concentrating the load thereof to a server, the each peer includes an apparatus for providing a streaming service. The streaming service apparatus includes a peer communication module, a storing unit, and a peer server unit and a peer client unit. By using a streamable software list and a peer list transmitted from the peer communication module, the peer server unit for receiving a streaming service request from other peers, reading corresponding software from the storing unit and providing a streaming service for the read software. Also, the peer client unit requests a streaming service for predetermined software to other peer, and stores streamable software, which is received from other peers through the streaming service, in the storing unit.

2009-09-03

20090222891

METHOD AND SYSTEM FOR AUTHENTICATING INTERNET USER IDENTITY - A method and system for authenticating an internet user identity by cross-referencing and comparing at least two independent sources of information. A first IP address of an internet user is identified and the geographical location of the first IP address is traced to determine a first location. The geographical-location of a communication voice device of said internet user is identified to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the internet user. Based upon geographical proximity of said locations, a score is assigned to the internet user, and access to a website is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated. Geographical information is maintained in an updatable cache.

2009-09-03

20090222892

REMOTE ACCESS SYSTEM, METHOD AND PROGRAM - A remote access system comprises a remote terminal, an access server accommodating a connection from the remote terminal, and first and second logical channels logically connecting the remote terminal and the access server. The remote terminal comprises a flow search processing unit that classifies flows. The access server comprises a pass determining unit that determines whether a flow can pass or not, and a flow search processing unit that classifies flows. The first logical channel is used to transfer packets included in a flow that needs to be judged by the access server as to whether it can pass or not. The second logical channel is used to transfer packets included in a flow that has been permitted by the access server to pass.

2009-09-03

20090222893

LEGACY DEVICE REGISTERING METHOD, DATA TRANSFERRING METHOD AND LEGACY DEVICE AUTHENTICATING METHOD - A method of registering a legacy device, a method of transferring data, and a method of authenticating a legacy device are provided. The method of registering a legacy device by using a virtual client, which allows the legacy device to access a domain, includes: receiving unique information on the legacy device from the legacy device which requests the domain to register the legacy device; searching a registrable legacy device list including the unique information on the legacy device which can be registered in the domain for the unique information on the legacy device; and requesting a domain manager, which manages the domain, to register the legacy device, when the unique information on the legacy device is included in the registrable legacy device list, and not allowing the legacy device to be registered in the domain when the unique information on the legacy device is not included in the registrable legacy device list.

2009-09-03

20090222894

Systems and Methods for Delegation and Notification of Administration of Internet Access - Disclosed are systems, methods, and computer readable media for delegating administrative rights to a third party in an Internet access control application comprising receiving a designation of a third party wherein the designation identifies the third party as a recipient of administrative rights in an access control application, and receiving a selection of administrative rights to be associated with the third party. Further, an invitation can be sent, or caused to be sent, to the third party. Acceptance of said invitation can be received. Also, administrative rights can be granted to the third party. The systems, methods, and computer readable media can be operable within a client/server architecture. Also disclosed are systems, methods, and computer readable media for notification of an access policy violation. Also disclosed are systems, methods, and computer readable media for administration of an access control application by a third party and access policy violation notification.

2009-09-03

20090222895

Systems and Methods of Network Operation and Information Processing - Systems and methods are disclosed for network operation and information processing involving engaging users of a network. In one exemplary embodiment, there is provided a method of engaging users of a public-access network. Moreover, the method includes associating a processing component with the public-access network; transmitting a request for authorization to use the public-access network, including transmission of a specific identifier associated with the user; transmitting first data including data determined by processing software as a function of the specific identifier; and opening up a connection to the network for the user. In one or more further embodiments, the specific identifier may include or be a function of a processing component ID or the MAC address of a device associated with the user. Other exemplary embodiments may include building profiles of users who access the network based on information collected.

Systems and methods for authorization of information access - Systems and methods according to the present invention provide a proactive approach to controlling access to information that may be correlated with a governmentally issued personal identifier. Included are systems and methods for proactive control of information access and liability incursion. Further included are systems and methods for emulating information access to an authorized person. Generally, a method according to the present invention includes the steps of requesting verification from a subscriber at any time that information is requested from registered information holders and any time that liability may be incurred through registered information holders. In this way, the subscriber, rather than reacting to invasive information or identity theft, may proactively control access to such information, thereby preventing the theft in the first place.

2009-09-03

20090222898

METHOD FOR SECURE TRANSFER OF MEDICAL DATA TO A MOBILE UNIT/TERMINAL - A method is described for secure transfer of medical data to a mobile unit/terminal, where encoded medical data from a patient's regular doctor are made available via a central server in a network. The method comprises the following steps: to order transfer of encoded information to the mobile unit/terminal, in that a request is sent to the central server; to generate encoded information containing medical data in the central server; to transfer information in encrypted and encoded format from the server to the mobile unit/terminal, after the user has authenticated himself; to store and protect the encoded information in the mobile unit/terminal; to transform the encoded information to a readable format in that the user authenticates himself with a personal code that is sent from the mobile unit/terminal to the server, whereupon the ID is verified in the server, and that encoded information is sent to the server for decoding; and to transfer from the server a picture in clear text to the mobile unit/terminal.

2009-09-03

20090222899

SYSTEMS AND METHODS FOR UNIFIED LOGIN TO MULTIPLE NETWORKED SERVICES - Embodiments relate to systems and methods for unified login to multiple networked services. A user operates a browser to access a Web site, such as an email portal. The user is presented with a query box to input login information such as a user name and password to view email from an email account. Upon entry of login information to the email or other site, a login manager captures the login information to automatically transmit that information to a local program and associated networked sites or services, such as messenger or media services, that accept the same login information. The login manager logs the user into that program and additional services without the user having to re-enter the same login information. The additional services can be accessed via an online desktop, and the user can configure the additional local programs or registered services via that desktop or other interface.

2009-09-03

20090222900

AUTHENTICATION TICKET VALIDATION - Computer-readable media, systems, and methods for validating an authentication ticket to ensure authenticated communications between a client and an online service provider. In embodiments an authentication request is received from a user agent associated with the client and the authentication request includes a set of identification information and a set of authentication information. Additionally, it is determined that the set of identification information and the set of authentication information are associated with a user and an authentication ticket is created including a user identification and an authentication, indicating to the online service provider that the user is authenticated to access one or more online services. Further, a validation token is embedded into the authentication ticket that provides enhanced verification that the access provided by the online service provider is authenticated.

2009-09-03

20090222901

Collecting Account Access Statistics from Information Provided by Presence of Client Certificates - A method and system for collecting account access statistics from information provided by client certificates. In one embodiment, the method comprises requesting client certificates from remote terminals that request to access a computing resource. The method further comprises updating the account access statistics based on information provided by presence or absence of the client certificates and contents of the client certificates for the client certificates that are present.

2009-09-03

20090222902

Methods And Apparatus For Use In Enabling A Mobile Communication Device With A Digital Certificate - In one illustrative scenario, a mobile communication device causes a communication session to be established with a host server of a communication network. The mobile device performs communication operations in the communication session for activating a communication service, such as a data synchronization service, with the host server. In the communication session, the mobile device also receives configuration information which includes information for use in constructing a request message for obtaining a digital certificate from a certificate authority (CA). After receipt of the configuration information, the mobile device constructs the request message for the digital certificate and causes it to be sent to the host server. In response, the host server requests and obtains the digital certificate from the CA on behalf of the mobile device, and thereafter “pushes” the received digital certificate to the mobile device. The mobile device receives the digital certificate and stores it for use in subsequent communications. The host server may be part of a local area network (LAN) which includes a wireless LAN (WLAN) adapted to authenticate the mobile device based on the digital certificate, so that the mobile device may obtain access to the WLAN.

2009-09-03

20090222903

SYSTEM AND METHOD FOR SHARED RESOURCE OWNER BASED ACCESS CONTROL - Method and system for controlling application access to a shared resource in a runtime environment. The shared resource is owned by a remote resource owner. An access control ticket including a permission for the shared resource, a cryptographically verifiable remote resource owner identifier and a cryptographically verifiable application owner identifier are generated. The access control ticket is approved and signed by the remote resource owner, and transmitted to the runtime environment. The application, when executed in the runtime environment, accesses the resource based on the permission.

METHOD, APPARATUS, AND SYSTEM FOR PRE-AUTHENTICATION AND PROCESSING OF DATA STREAMS - A method, apparatus and system for pre-authenticating ports is disclosed. In one embodiment, an active port facilitating communication of media content between a transmitting device and a receiving device is identified, while the active port are associated with a first High-Definition Content Protection (HDCP) engine. Then, inactive ports that are in idle mode serving as backup ports to the active port are identified, while the inactive ports are associated with a second HDCP engine. Pre-authentication of each of the inactive ports is performed so the pre-authenticated inactive ports can subsequently replace the active port if a port switch is performed.

Device for Transmission of Stored Password Information Through a Standard Computer Input Interface - A novel password management device is interposed between a computer and a conventional computer input device such as a keyboard. Passwords are defined at the input device, stored in a preferably encrypted password vault and forwarded to a secure application. When the user is prompted for a password, the device retrieves the password from the vault and provides it to the computer in a manner indistinguishable from conventional data traffic, mitigating the likelihood that the innocuous data stream will be monitored to recover the password. The transmission of a password is push technology and may be enhanced by a gating feature. Automatic password retrieval from the vault is convenient to the user, particularly if the device automatically generates random passwords. No software is installed on the computer; the device is operating system, application and platform independent. The device may be integrated within the input device or within the computer itself.

2009-09-03

20090222909

Password Management Outside of a Bios - In accordance with at least one presently preferred embodiment of the present invention, there is broadly contemplated herein the managing of a POP not solely in the BIOS but at least partly in a more secure location. In accordance with a particularly preferred embodiment of the present invention, this location could be in a NVRAM (non-volatile random access memory) inside a TPM (trusted platform module). Most preferably, this location will contain code that the BIOS preferably will need to access and employ in order to complete the booting of the system.

2009-09-03

20090222910

MEMORY DEVICE AND CHIP SET PROCESSOR PAIRING - Systems, devices and/or methods that facilitate mutual authentication for processor and memory pairing are presented. A processor and a suitably equipped memory can be provided with a shared secret to facilitate mutual authentication. In addition, the memory can be configured to verify that the system operating instructions have not been subjected to unauthorized alterations. System integrity can be ensured according to the disclosed subject matter by mutual authentication of the processor and memory and verification of the authenticity of system operating instructions at or near each system power up. As a result, the disclosed subject matter can facilitate relatively low complexity assurance of system integrity as a replacement or supplement to conventional techniques.

2009-09-03

20090222911

MULTI-USER LOGIN METHOD FOR COMPUTER NUMERICAL CONTROL MACHINE - An exemplary multi-user login method for a computer numerical control (CNC) machine includes: initializing a program installed in the CNC machine, thereby displaying a user selection interface on a screen of the CNC machine; a user inputting a user name and password on the user selection interface; the program of the CNC machine determining whether or not the user is registered based on the user name and password entered; if the user is registered, an operating system of the CNC machine loading a driver program installed in a motion control card of the CNC machine, and the driver program reading the user's personal information stored in the motion control card; and accessing a user operation interface of the registered user.

2009-09-03

20090222912

IDENTIFICATION DEVICE AND AUTHENTICATION METHOD THROUGH SUCH A DEVICE - An identification device comprises a seat for containing a sample of biological material and at least one storage support suitable for containing a record in electronic format of the DNA. An authentication method compares the record of the sample of DNA with the one stored in said support.

SECURITY MANAGEMENT METHOD AND APPARATUS, AND SECURITY MANAGEMENT PROGRAM - According to the present invention, a security management program which is recorded in a computer readable recording medium and is used to control access to target data in accordance with a security level of a device and an access right of a user, comprises a code of a user authentication step of setting the access right of the user with reference to a saved user authentication history when access to an authentication server cannot be made; and a code of a security level setting step of determining a security level of the device in accordance with a state of the device, and saving the determined security level.

2009-09-03

20090222915

System and Method for Securely Clearing Secret Data that Remain in a Computer System Memory - A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.

2009-09-03

20090222916

EMBEDDED PATCH MANAGEMENT - A method, system and apparatus is provided for embedded patch management. In one embodiment, a method is provided. The method includes receiving a call to a code module. The method further includes checking a guardian stack for indications of authorization. The guardian stack is separate from an execution stack. The method also includes passing the call to an internal code module. Moreover, the method includes executing the code module.

2009-09-03

20090222917

DETECTING SPAM FROM METAFEATURES OF AN EMAIL MESSAGE - Detecting spam from metafeatures of an email message. As a part of detecting spam, the email message is accessed and a distribution of numerical values is accorded to a set of features of the email message. It is determined whether the distribution of numerical values accorded the set of features of the email message is consistent with that of spam. Access is provided to the determination of whether the email message has a distribution of numerical values accorded the set of features that is consistent with that of spam.

2009-09-03

20090222918

Systems and methods for protecting a server computer - A server computer protection apparatus protects a server computer against DoS attacks, but allows access to the server. The server computer protection apparatus comprises a unit configured to calculate the load state of the server computer on the basis of the number of data requests made upon the server computer, and the number of data responses of the server responsive to the data requests, and for changing the rate of data requests to be transferred to the server, in accordance with the load state.

2009-09-03

20090222919

METHOD AND SYSTEM FOR CONTENT CATEGORIZATION - The invention discloses a method and system for content categorization, which aims at reducing the processing burthen of the content categorization as well as the network transmission traffic. The method comprises: transmitting, by a content categorization requester, a content digest of a content to be categorized to a content categorization provider; and performing, by the content categorization provider, content categorization according to the content digest. The device for requesting content categorization comprises: a digest operation determination component, adapted to determine whether it is necessary to obtain a content digest of a content to be categorized; a digest obtaining component, adapted to obtain the content digest of the content to be categorized when the digest operation determination component determines it necessary to obtain the content digest of the content to be categorized; and a first transmit component, adapted to transmit the content digest obtained by the digest obtaining component.

2009-09-03

20090222920

MALWARE DETECTION SYSTEM AND METHOD - Methods and systems are presented for detection of malware such as worms in which a network switch entices the malware into sending scan packets by allocating one or more ports as bait addresses, sending outgoing bait packets, and identifying compromised hosts that send unexpected incoming packets to a bait address.

2009-09-03

20090222921

Technique and Architecture for Cognitive Coordination of Resources in a Distributed Network - A system and method are disclosed for utilizing resources of a network. A constructive proof that a subset of resources is sufficient to satisfy the objective of a system can be generated. The constructive proof can comprise instructions for using the subset of resources. A set of computer-executable instructions can be created from the constructive proof and executed on a host device. The computer-executable instructions can control a data output device according to the instructions of the constructive proof.

2009-09-03

20090222922

SYSTEMS, METHODS, AND MEDIA PROTECTING A DIGITAL DATA PROCESSING DEVICE FROM ATTACK - In accordance with some embodiments of the disclosed subject matter, systems, methods, and media for protecting a digital data processing device from attack are provided. For example, in some embodiments, a method for protecting a digital data processing device from attack is provided, that includes, within a virtual environment: receiving at least one attachment to an electronic mail; and executing the at least one attachment; and based on the execution of the at least one attachment, determining whether anomalous behavior occurs.

2009-09-03

20090222923

Malicious Software Detection in a Computing Device - A method of scanning for viruses in the memory of a computing device in which only memory pages marked as executable need to be scanned. The trigger for the scan can be either via an API that changes a page from writeable to executable, or via a kernel notification that an executable page has been modified. This invention is efficient, in that it makes much previous scanning of file systems redundant; this saves power and causes devices to execute faster. It is also more secure, as it detects viruses that other methods cannot reach, and does so at the point of execution.

2009-09-03

20090222924

OPERATING A NETWORK MONITORING ENTITY - Network flow records from various administrative domains are provided to a network monitoring entity. The network monitoring entity analyzes the network flow records in a way to locate a source of malicious network flow.

2009-09-03

20090222925

SECURE BROWSER-BASED APPLICATIONS - Techniques are provided for execution of restricted operations by computer program code in web browsers, where the code is permitted to invoke restricted operations if implicit or explicit consent is received. Such techniques may include generating a risk rating for a computer program code component, where the component includes at least one component operation for executing at least one restricted system operation; and prompting a user for permission to execute the restricted system operation, wherein the prompt includes the risk rating and a description of the component operation. The program code may include script code associated with a web page that invokes a web browser plugin, which in turn invokes the restricted system operation. The code may invoke the restricted system operation in response to receiving an input from a user via the web browser, where the input is for causing an action associated with performing the operation, the action implicitly granting consent to perform the operation.

2009-09-03

20090222926

SOFTWARE LICENSE MANAGEMENT SYSTEM THAT FUNCTIONS IN A DISCONNECTED OR INTERMITTENTLY CONNECTED MODE - A software license management system for a computer network is disclosed that is capable of operating in a disconnected or intermittently connected mode. The system is capable of borrowing software licenses from computer nodes in one of three modes. The three modes include a fault tolerance mode, a service licensing mode, and a normal online mode. When network instability occurs, an executive logic layer software module consults a set of rules to determine whether to automatically initiate short term software license borrowing using the fault tolerance mode or using the service licensing mode. The automatic short term software license borrowing continues as long as needed and then the normal online mode of software license borrowing is resumed.

2009-09-03

20090222927

Concealment of Information in Electronic Design Automation - In one exemplary embodiment disclosed herein, an electronic design automation tool may receive information related to electronic design automation that contains secured information, such as physically secured information, and annotations to indicate the secured portions of the information. Upon receiving such information, the electronic design automation tool may identify those portions of the information comprising secured information related to electronic design automation, and unlock the secured information for processing. The electronic design automation tool may process at least some of the secured electronic design automation information without revealing that secured information to unauthorized persons, tools, systems, or otherwise compromising the protection of that secured information. That is, the design automation tool may process the secured electronic design automation information so that the secured information is concealed both while it is being processed and by the output information generated from processing the secured information.

2009-09-03

20090222928

IMAGE PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT - An identification-information obtaining unit obtains identification information for identifying a module to be customized. A validating unit validates, based on validation information including information indicating whether to allow a customization for a module identified by the identification information, whether the module identified by the identification information is customizable. When the validating unit validates that the module identified by the identification information is customizable, a control unit performs the customization of the module identified by the identification information.

2009-09-03

20090222929

METHOD, PROGRAM, AND SERVER FOR BACKUP AND RESTORE - A recording device which backs up a content α in a recording medium and a recording device which restores the content are registered in a server so as to belong to the same domain group. When the recording device tries to restore the content, the restore is permitted only when both the recording devices belong to the same domain group. When there is a refresh request of the domain group, the domain group is invalidated only when a refresh period has passed. When a refresh number recorded in the recording device is less than or equal to the refresh number recorded in the recording device, the recording device backs up and locally merges the content recorded in the recording device into the recording medium.

2009-09-03

20090222930

SYSTEM AND METHOD FOR MULTIMEDIA DATA VALIDATION - There is disclosed a media file distribution system and method. An asset management and delivery system and method for the distribution of digital files and data is provided. There are two major functions, with sub-functions within each. The system first serves as a fully automated management system for a company involved in video/file distribution, such as in video on demand (VOD) or other digital file industries. The system can ingest, prepare, schedule, transmit, track and report on any aspect of the business chain. Secondly, it also serves as a product for both content providers and recipients to be able to view, manage and run their entire content offering remotely from anywhere through the Internet.

2009-09-03

20090222931

NOVEL IDENTIFIED ONCOGENE WITH KINASE-DOMAIN (NOK) - A newly identified oncogene with kinase-domain (NOK) and its encoded polypeptide, and vectors, fusions, host cells and transgenic animals comprising the said nucleotide sequence. Furthermore, the present invention also describes the methods for diagnosing diseases including tumor and the methods for screening agents capable of inhibiting the occurrence and/or metastasis of tumor.

2009-09-03

20090222932

ALZHEIMER'S DISEASE ANIMAL MODEL, METHOD FOR OBTAINING SAME AND USES THEREOF - The invention relates to a transgenic non-human animal which can be used as a non-human animal model for studying Alzheimer's disease (AD) and which is characterized in that: it contains a heterologous polynucleotide (transgene) which is inserted in the genome thereof and which comprises the nucleotide sequence of the complete human APP gene together with the regulatory sequences thereof; and it has an endogenous expression pattern similar to that of the hAPP gene in humans. The inventive model can be used to study AD and in the screening of potentially-useful compounds for the prevention and/or treatment of AD.

Pre-B Cell Proliferation and Lymphoblastic Leukemia/High-Grade Lymphoma in MIR155 Transgenic Mice - A transgenic non-human animal, such as a mouse, has a genome that include a nucleic acid construct having at least one transcriptional regulatory sequence capable of directing expression in B cells of the animal, wherein the transcriptional regulatory sequence is operably linked to a nucleic acid encoding a miR155 gene product. A method of testing the therapeutic efficacy of an agent in treating or preventing a lymphoproliferative condition includes assessing the effect(s) of the agent on a transgenic non-human animal.

2009-09-03

20090222935

Transgenic animals and uses thereof - In general, the invention features genetically modified non-human mammals (e.g., bovines and other ungulates), and methods of making these mammals. In particular, the invention features transgenic ungulates having reduced levels of endogenous IgM heavy chain and/or prion protein.

2009-09-03

20090222936

Recombinant Expression of Multiprotein Complexes Using Polygenes - The present invention relates to a recombinant polynucleotide encoding a polygene coding for at least three polypeptides wherein at least one of the genes constituting the polygene is of non-viral origin, at least two of the polypeptides encoded by the genes constituting the polygene are each capable of at least transiently interacting with at least one other polypeptide encoded by a gene of said polygene, and the genes constituting the polygene are each connected to one mother by a sequence coding for at least one protease cleavage site. The present invention also relates to polyproteins encoded by the polygene. Further embodiments of the present invention are a vector containing the recombinant polypeptide, a host cell containing the recombinant polypeptide and/or the vector and a non-human transgenic animal transformed with the recombinant polypeptide and/or the vector. The present invention also relates to methods for the production of the polynucleotide and for the manufacture of multiprotein complexes. The embodiments of the present invention are particularly useful in gene therapy, drug candidate screening, vaccine production and crystallisation of multiprotein complexes for structural investigations.

Therapeutic Target Molecules For The Development of Novel Medicaments for Degenerative Diseases - The present invention generally relates to the field of therapy, prophylaxis and diagnosis of degenerative diseases, in particular neurodegenerative diseases. Specifically, the present invention relates to genes and proteins, which are regulated in connection with chronic oxidative stress in cells and are applied for therapy, prophylaxis, and diagnosis of degenerative diseases, in particular neurodegenerative diseases. Additionally, the present invention relates to the use of genes and proteins, which are regulated in conjunction with chronic oxidative stress in cells, for the screening of candidate substances to identify prophylactic and/or therapeutic agents, which agents modulate the biologic activity of genes and/or proteins, which genes and/or proteins are activated in conjunction with chronic oxidative stress in cells. Further, the present invention relates to methods for diagnosis of degenerative diseases, in particular neurodegenerative diseases, and methods for identifying prophylactic and/or therapeutic agents, which agents modulate the biologic activity of genes and/or proteins, which genes and/or proteins are activated in conjunction with chronic oxidative stress in cells. Further, the present invention relates to kits performing the methods of diagnosis.

NON-DEHISCENT SESAME - Methods for improving the agriculture of sesame, an Improved Non-Dehiscent (IND) sesame class and methods for breeding IND are disclosed. The IND sesame holds its seed in capsules for four or more weeks after ideal harvesting time, during extended adverse weather conditions, thus offering the grower flexibility as to when to harvest. The methods also improve current agricultural methods for growing sesame by allowing growers to leave the crop in the field for a longer period of time without the loss of seeds and concomitant reduced yield. The grower is able to reduce the ratio of combine harvesters required for mechanical harvest of sesame crops. Further, a method of growing crops in geographical areas previously unsuitable for sesame agriculture is disclosed. IND allows ready release of seed from the capsule during mechanized harvesting with minimal broken seed.

GENERATION OF PLANTS WITH IMPROVED PATHOGEN RESISTANCE - The present disclosure is directed to plants that display a modified pathogen resistance phenotype (e.g., increased nematode resistance) due to altered expression of an NMR nucleic acid. The invention is further directed to methods of generating plants with a modified pathogen resistance phenotype.

2009-09-03

20090222943

INBRED CORN LINE PHCPR - A novel inbred maize line designated PHCPR and seed, plants and plant parts thereof. Methods for producing a maize plant that comprise crossing inbred maize line PHCPR with another maize plant. Methods for producing a maize plant containing in its genetic material one or more traits introgressed into PHCPR through backcross conversion and/or transformation, and to the maize seed, plant and plant part produced thereby. Hybrid maize seed, plant or plant part produced by crossing the inbred line PHCPR or a trait conversion of PHCPR with another maize line. Inbred maize lines derived from inbred maize line PHCPR, methods for producing other inbred maize lines derived from inbred maize line PHCPR and the inbred maize lines and their parts derived by the use of those methods.

Brittle stalk 2 polynucleotides, polypeptides, and uses thereof - This invention relates to an isolated polynucleotide encoding a BRITTLE STALK 2 (BK2) polypeptide. The invention also relates to the construction of a chimeric gene encoding all or a portion of the BK2 polypeptide, in sense or antisense orientation, wherein expression of the chimeric gene results in production of altered levels of the BK2 polypeptide in a transformed host cell.

Plants Modified With Mini-Chromosomes - The invention is generally related to methods of generating plants transformed with novel autonomous mini-chromosomes. Mini-chromosomes with novel compositions and structures are used to transform plants cells which are in turn used to generate the plant. Methods for generating the plant include methods for delivering the mini-chromosome into plant cell to transform the cell, methods for selecting the transformed cell, and methods for isolating plants transformed with the mini-chromosome. Plants generated in the present invention contain novel genes introduced into their genome by integration into existing chromosomes.

2009-09-03

20090222948

Method for modifying plant morphology, biochemistry and physiology - The present invention relates to methods for stimulating root growth and/or enhancing the formation of lateral or adventitious roots and/or altering root geotropism comprising expression of a cytokinin oxidase or comprising expression of another protein that reduces the level of active cytokinins in plants or plant parts. Also provided by the present invention are methods for increasing seed size and/or weight, embryo size and/or weight, and cotyledon size and/or weight. The methods comprise expression of a cytokinin oxidase or expression of another protein that reduces the level of active cytokinins in plants or plant parts. Methods and compositions for increasing seed yield are also provided. The invention also relates to isolated plant cytokinin oxidase proteins, nucleic acid sequences encoding cytokinin oxidase proteins as well as to vectors, host cells, transgenic cells and plants comprising such sequences. The use of these sequences for improving root-related characteristics including increasing yield and/or enhancing early vigor and/or modifying root/shoot ratio and/or improving resistance to lodging and/or increasing drought tolerance and/or promoting in vitro propagation of explants and/or modifying cell fate and/or plant development and/or plant morphology and/or plant biochemistry and/or plant physiology, is also provided. The invention also relates to methods for identifying and obtaining proteins and compounds interacting with cytokinin oxidase proteins as well as the use of such proteins and/or compounds as plant growth regulators or herbicides.